312-50V12 Question #215: Real Exam Question with Answer & Explanation
The correct answer is A: Utilizing the char encoding function to convert hexadecimal and decimal values into characters. An ethical hacker successfully bypassed a signature-based IDS detecting SQL injection by employing an advanced evasion technique that obfuscated the malicious query without triggering an alarm.
Question
An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following could he have used?
Options
- A. Utilizing the char encoding function to convert hexadecimal and decimal values into characters
- B. Implementing sophisticated matches such as "OR john' = 'john'" in place of classical matches like
- C. Manipulating white spaces in SQL queries to bypass signature detection
- D. Using the URL encoding method to replace characters with their ASCII codes in hexadecimal
Explanation
An ethical hacker successfully bypassed a signature-based IDS detecting SQL injection by employing an advanced evasion technique that obfuscated the malicious query without triggering an alarm.
Common mistakes.
- B. Implementing slightly varied but still common SQL injection tautologies like "OR john' = 'john'" is unlikely to bypass a sophisticated signature-based IDS designed to detect common SQL injection patterns.
- C. Manipulating white spaces, while a form of obfuscation, is generally a basic evasion technique and less likely to bypass a modern or advanced signature-based IDS which often normalizes or accounts for whitespace variations.
- D. URL encoding is an HTTP-level encoding method primarily handled by web servers or WAFs; the database system's IDS would typically receive the decoded SQL query, or the query would fail if not properly decoded before reaching the database.
Concept tested. SQL Injection obfuscation using character encoding functions
Reference. https://learn.microsoft.com/en-us/sql/t-sql/functions/char-transact-sql